Abstract

Complementation, the inverse of the reduced product operation, is a technique for systematically finding minimal decompositions of abstract domains. Filé and Ranzato advanced the state of the art by introducing a simple method for computing a complement. As an application, they considered the extraction by complementation of the pair-sharing domain PS from Jacobs and Langen's set-sharing domain SH. However, since the result of this operation was still SH, they concluded that PS was too abstract for this. Here, we show that the source of this result lies not with PS but with SH and, more precisely, with the redundant information contained in SH with respect to ground-dependencies and pair-sharing. In fact, a proper decomposition is obtained if the non-redundant version of SH, PSD, is substituted for SH. To establish the results for PSD, we define a general schema for subdomains of SH that includes PSD and Def as special cases. This sheds new light on the structure of PSD and exposes a natural though unexpected connection between Def and PSD. Moreover, we substantiate the claim that complementation alone is not sufficient to obtain truly minimal decompositions of domains. The right solution to this problem is to first remove redundancies by computing the quotient of the domain with respect to the observable behavior, and only then decompose it by complementation.

Keywords: Abstract Interpretation, Domain Decomposition, Complementation, Sharing Analysis.



1 Introduction 

Complementation (Cortesi, Filé, Giacobazzi, Palamidessi and Ranzato 1997), which is the inverse of the well-known reduced product operation (Cousot and Cousot 1979), can systematically obtain minimal decompositions of complex abstract domains. It has been argued that these decompositions would be useful in finding space saving representations for domains and to simplify domain verification problems.

In (Filé and Ranzato 1996), Filé and Ranzato presented a new method for computing the complement, which is simpler than the original proposal by Cortesi et al. (Cortesi, Filé, Giacobazzi, Palamidessi and Ranzato 1995, Cortesi et al. 1997) because it has the advantage that, in order to compute the complement, only a relatively small number of elements (namely the meet-irreducible elements of the reference domain) need be considered. As an application of this method, the authors considered Jacobs and Langen's sharing domain (Jacobs and Langen 1992), SH, for representing properties of variables such as groundness and sharing. This domain captures the property of set-sharing. Filé and Ranzato illustrated their method by minimally decomposing SH into three components; using the words of the authors (Filé and Ranzato 1996, Section 1):

"[...] each representing one of the elementary properties that coexist in the elements of Sharing, and that are as follows: (i) the ground-dependency information; (ii) the pair-sharing information, or equivalently variable independence; (iii) the set-sharing information, without variable independence and ground-dependency."

However, this decomposition did not use the usual domain PS for pair-sharing. Filé and Ranzato observed that the complement of the pair-sharing domain PS with respect to SH is again SH and concluded that PS was too abstract to be extracted from SH by means of complementation. Thus, in order to obtain their non-trivial decomposition of SH, they used a different (and somewhat unnatural) definition for an alternative pair-sharing domain, called PS′. The nature of PS′ and its connection with PS is examined more carefully in Section 6.

We noticed that the reason why Filé and Ranzato obtained this result was not to be found in the definition of PS, which accurately represents the property of pair-sharing, but in the use of the domain SH to capture the property of pair-sharing. In (Bagnara, Hill and Zaffanella 1997, Bagnara, Hill and Zaffanella 2001), it was observed that, for most (if not all) applications, the property of interest is not set-sharing but pair-sharing. Moreover, it was shown that, for groundness and pair-sharing, SH includes redundant elements. By defining an upper closure operator $\rho$ that removed this redundancy, a much smaller domain PSD, which was denoted $SH^\rho$ in (Bagnara et al. 1997), was found that captured pair-sharing and groundness with the same precision as SH. We show here that using the method given in (Filé and Ranzato 1996), but with this domain instead of SH as the reference domain, a proper decomposition can be obtained even when considering the natural definition of the pair-sharing domain PS. Moreover, we show that PS is exactly one of the components obtained by complementation of PSD. Thus the problem exposed by Filé and Ranzato was, in fact, due to the "information preserving" property of complementation, as any factorization obtained in this way is such that the reduced product of the factors gives back the original domain. In particular, any factorization of SH has to encode the redundant information identified in (Bagnara et al. 1997, Bagnara et al. 2001). We will show that such a problem disappears when PSD is used as the reference domain.

Although the primary purpose of this work is to clarify the decomposition of the domain PSD, the formulation is sufficiently general to apply to other properties that are captured by SH. The domain Pos of positive Boolean functions and its subdomain Def, the domain of definite Boolean functions, are normally used for capturing groundness (Armstrong, Marriott, Schachte and Søndergaard 1998). Each Boolean variable has the value true if the program variable it corresponds to is definitely bound to a ground term. However, the domain Pos is isomorphic to SH via the mapping from formulas in Pos to the set of complements of their models (Codish and Søndergaard 1998). This means that any general result regarding the structure of SH is equally applicable to Pos and its subdomains.

To establish the results for PSD, we define a general schema for subdomains of SH that includes PSD and Def as special cases. This sheds new light on the structure of the domain PSD, which is smaller but significantly more involved than SH.¹ Of course, as we have used the more general schematic approach, we can immediately derive (where applicable) corresponding results for Def and Pos. Moreover, an interesting consequence of this work is the discovery of a natural connection between the abstract domains Def and PSD. The results confirm that PSD is, in fact, the "appropriate" abstraction of the set-sharing domain SH that has to be considered when groundness and pair-sharing are the properties of interest.

The paper, which is an extended version of (Zaffanella, Hill and Bagnara 1999), is structured as follows: In Section 2 we briefly recall the required notions and notations, even though we assume general acquaintance with the topics of lattice theory, abstract interpretation, sharing analysis and groundness analysis. Section 3 introduces the SH domain and several abstractions of it. The meet-irreducible elements of an important family of abstractions of SH are identified in Section 4. This is required in order to apply, in Section 5, the method of Filé and Ranzato to this family. In Section 6 we present some final remarks and we explain what is, in our opinion, the lesson to be learned from this and other related work. Section 7 concludes.

2 Preliminaries 

For any set $S$, $\wp(S)$ denotes the power set of $S$ and $\# S$ is the cardinality of $S$.

A preorder over a set $P$ is a binary relation $\preceq$ that is reflexive and transitive. If $\preceq$ is also antisymmetric, then it is called a partial order. A set $P$ equipped with a partial order $\preceq$ is said to be partially ordered and is sometimes written $(P, \preceq)$. Partially ordered sets are also called posets.

A poset $(P, \preceq)$ is totally ordered with respect to $\preceq$ if, for each $x, y \in P$, either $x \preceq y$ or $y \preceq x$. A subset $S$ of a poset $(P, \preceq)$ is a chain if it is totally ordered with respect to $\preceq$.

Given a poset $(P, \preceq)$ and $S \subseteq P$, $y \in P$ is an upper bound for $S$ if and only if $x \preceq y$ for each $x \in S$. An upper bound $y$ for $S$ is a least upper bound (or lub) of $S$ if and only if, for every upper bound $y'$ for $S$, $y \preceq y'$. The lub, when it exists, is unique. In this case we write $y = \operatorname{lub} S$. Lower bounds and greatest lower bounds (or glb) are defined dually.

¹ For the well acquainted with the matter: SH is a powerset and hence it is dual-atomistic; this is not the case for PSD.

A poset $(L, \preceq)$ such that, for each $x, y \in L$, both $\operatorname{lub}\{x, y\}$ and $\operatorname{glb}\{x, y\}$ exist, is called a lattice. In this case, lub and glb are also called, respectively, the join and the meet operations of the lattice. A complete lattice is a lattice $(L, \preceq)$ such that every subset of $L$ has both a least upper bound and a greatest lower bound. The top element of a complete lattice $L$, denoted by $\top$, is such that $\top \in L$ and $\forall x \in L : x \preceq \top$. The bottom element of $L$, denoted by $\bot$, is defined dually.

As an alternative definition, a lattice is an algebra $(L, \wedge, \vee)$ such that $\wedge$ and $\vee$ are two binary operations over $L$ that are commutative, associative, idempotent, and satisfy the following absorption laws, for each $x, y \in L$: $x \wedge (x \vee y) = x$ and $x \vee (x \wedge y) = x$.

The two definitions of lattice are equivalent. This can be seen by defining:

$$x \preceq y \;\stackrel{\mathrm{def}}{\iff}\; x \wedge y = x \;\stackrel{\mathrm{def}}{\iff}\; x \vee y = y$$

and

$$\operatorname{glb}\{x, y\} \stackrel{\mathrm{def}}{=} x \wedge y, \qquad \operatorname{lub}\{x, y\} \stackrel{\mathrm{def}}{=} x \vee y.$$

The existence of an isomorphism between the two lattices $L_1$ and $L_2$ is denoted by $L_1 \cong L_2$.

A monotone and idempotent self-map $\rho\colon P \to P$ over a poset $(P, \preceq)$ is called a closure operator (or upper closure operator) if it is also extensive, namely

$$\forall x \in P : x \preceq \rho(x).$$

Each upper closure operator $\rho$ over a complete lattice $C$ is uniquely determined by the set of its fixpoints, that is, by its image

$$\rho(C) \stackrel{\mathrm{def}}{=} \{\, \rho(x) \mid x \in C \,\}.$$

We will often denote upper closure operators by their images. The set of all upper closure operators over a complete lattice $C$, denoted by $\operatorname{uco}(C)$, forms a complete lattice ordered as follows: if $\rho_1, \rho_2 \in \operatorname{uco}(C)$, $\rho_1 \sqsubseteq \rho_2$ if and only if $\rho_2(C) \subseteq \rho_1(C)$. The reduced product of two elements $\rho_1$ and $\rho_2$ of $\operatorname{uco}(C)$ is denoted by $\rho_1 \sqcap \rho_2$ and defined as

$$\rho_1 \sqcap \rho_2 \stackrel{\mathrm{def}}{=} \operatorname{glb}\{\rho_1, \rho_2\}.$$

For a more detailed introduction to closure operators, the reader is referred to (Gierz, Hofmann, Keimel, Lawson, Mislove and Scott 1980).

A complete lattice $C$ is meet-continuous if for any chain $Y \subseteq C$ and each $x \in C$,

Most domains for abstract interpretation (Cortesi et al. 1997) and, in particular, all the domains considered in this paper are meet-continuous.

Assume that $C$ is a meet-continuous lattice. Then the inverse of the reduced product operation, called weak relative pseudo-complement, is well defined and given as follows. Let $\rho, \rho_1 \in \operatorname{uco}(C)$ be such that $\rho \sqsubseteq \rho_1$. Then

$$\rho \sim \rho_1 \stackrel{\mathrm{def}}{=} \operatorname{lub}\{\, \rho_2 \in \operatorname{uco}(C) \mid \rho_1 \sqcap \rho_2 = \rho \,\}.$$

Given $\rho \in \operatorname{uco}(C)$, the weak pseudo-complement (or, by an abuse of terminology now customary in the field of Abstract Interpretation, simply complement) of $\rho$ is denoted by $\operatorname{id}_C \sim \rho$, where $\operatorname{id}_C$ is the identity over $C$. Let $D_i \stackrel{\mathrm{def}}{=} \rho_{D_i}(C)$ with $\rho_{D_i} \in \operatorname{uco}(C)$ for $i = 1, \ldots, n$. Then $\{\, D_i \mid 1 \le i \le n \,\}$ is a decomposition for $C$ if $C = D_1 \sqcap \cdots \sqcap D_n$. The decomposition is also called minimal if, for each $k \in \mathbb{N}$ with $1 \le k \le n$ and each $E_k \in \operatorname{uco}(C)$, $D_k \sqsubset E_k$ implies

$$C \sqsubset D_1 \sqcap \cdots \sqcap D_{k-1} \sqcap E_k \sqcap D_{k+1} \sqcap \cdots \sqcap D_n.$$

Assume now that $C$ is a complete lattice. If $X \subseteq C$, then $\operatorname{Moore}(X)$ denotes the Moore completion of $X$, namely,

$$\operatorname{Moore}(X) \stackrel{\mathrm{def}}{=} \Bigl\{\, \textstyle\bigwedge Y \;\Big|\; Y \subseteq X \,\Bigr\}.$$

We say that $C$ is meet-generated by $X$ if $C = \operatorname{Moore}(X)$. An element $x \in C$ is meet-irreducible if

$$\forall y, z \in C : \bigl((x = y \wedge z) \implies (x = y \text{ or } x = z)\bigr).$$

The set of meet-irreducible elements of a complete lattice $C$ is denoted by $\operatorname{MI}(C)$. Note that $\top \in \operatorname{MI}(C)$. An element $x \in C$ is a dual-atom if $x \neq \top$ and, for each $y \in C$, $x \preceq y \prec \top$ implies $x = y$. The set of dual-atoms is denoted by $\operatorname{dAtoms}(C)$. Note that $\operatorname{dAtoms}(C) \subseteq \operatorname{MI}(C)$. The domain $C$ is dual-atomistic if $C = \operatorname{Moore}(\operatorname{dAtoms}(C))$. Thus, if $C$ is dual-atomistic, $\operatorname{MI}(C) = \{\top\} \cup \operatorname{dAtoms}(C)$. The following result holds (Filé and Ranzato 1996, Theorem 4.1).

Theorem 1

If $C$ is meet-generated by $\operatorname{MI}(C)$ then $\operatorname{uco}(C)$ is pseudo-complemented and for any $\rho \in \operatorname{uco}(C)$

$$\operatorname{id}_C \sim \rho = \operatorname{Moore}\bigl(\operatorname{MI}(C) \setminus \rho(C)\bigr).$$

Another interesting result is the following (Filé and Ranzato 1996, Corollary 4.5).

Theorem 2

If $C$ is dual-atomistic then $\operatorname{uco}(C)$ is pseudo-complemented and for any $\rho \in \operatorname{uco}(C)$

$$\operatorname{id}_C \sim \rho = \operatorname{Moore}\bigl(\operatorname{dAtoms}(C) \setminus \rho(C)\bigr).$$

Let $Vars$ be a denumerable set of variables. For any syntactic object $o$, $\operatorname{vars}(o)$ denotes the set of variables occurring in $o$. Let $T_{Vars}$ be the set of first-order terms over $Vars$. If $x \in Vars$ and $t \in T_{Vars} \setminus \{x\}$, then $x \mapsto t$ is called a binding. A substitution is a total function $\sigma\colon Vars \to T_{Vars}$ that is the identity almost everywhere. Substitutions are denoted by the set of their bindings, thus a substitution $\sigma$ is identified with the (finite) set

$$\{\, x \mapsto \sigma(x) \mid x \neq \sigma(x) \,\}.$$

If $t \in T_{Vars}$, we write $t\sigma$ to denote $\sigma(t)$. A substitution $\sigma$ is idempotent if, for all $t \in T_{Vars}$, we have $t\sigma\sigma = t\sigma$. The set of all idempotent substitutions is denoted by $Subst$.

It should be stressed that this restriction to idempotent substitutions is provided for presentation purposes only. In particular, it allows for a straightforward comparison of our work with other works that have appeared in the literature. However, the results proved in this paper do not rely on the idempotency of substitutions and are therefore applicable also when considering substitutions in rational solved form (Colmerauer 1982, Colmerauer 1984). Indeed, we have proved in (Hill, Bagnara and Zaffanella 1998) that the usual abstract operations defined on the domain SH, approximating concrete unification over finite trees, also provide a correct approximation of concrete unification over a domain of rational trees.



3 The Sharing Domains

In order to provide a concrete meaning to the elements of the set-sharing domain of D. Jacobs and A. Langen (Jacobs and Langen 1989, Langen 1990, Jacobs and Langen 1992), a knowledge of the finite set $VI \subseteq Vars$ of variables of interest is required. For example, in the Ph.D. thesis of Langen (Langen 1990) this set is implicitly defined, for each clause being analyzed, as the finite set of variables occurring in that clause. A clearer approach has been introduced in (Cortesi, Filé and Winsborough 1994, Cortesi, Filé and Winsborough 1998) and also adopted in (Bagnara et al. 1997, Bagnara et al. 2001, Cortesi and Filé 1999), where the set of variables of interest is given explicitly as a component of the abstract domain. During the analysis process, this set is elastic. That is, it expands (e.g., when solving clause bodies) and contracts (e.g., when abstract descriptions are projected onto the variables occurring in clause heads). This technique has two advantages: first, a clear and unambiguous description of those semantic operators that modify the set of variables of interest is provided; second, the definition of the abstract domain is completely independent from the particular program being analyzed. However, since at any given time the set of variables of interest is fixed, we can simplify the presentation by consistently denoting this set by $VI$. Therefore, in this paper all the abstract domains defined are restricted to a fixed set of variables of interest $VI$ of finite cardinality $n$; this set is not included explicitly in the representation of the domain elements; also, when considering abstract semantic operators having some arguments in $Subst$, such as the abstract mgu, the considered substitutions are always taken to have variables in $VI$. We would like to emphasize that this is done for ease of presentation only: the complete definition of both the domains and the semantic operators can be immediately derived from those given, e.g., in (Bagnara et al. 1997, Bagnara et al. 2001). Note that other solutions are possible; we refer the interested reader to (Cortesi, Filé and Winsborough 1996, Section 7) and (Scozzari 2001, Section 10), where this problem is discussed in the context of groundness analysis.
3.1 The Set-sharing Domain SH

Definition 1

(The set-sharing domain SH.) The domain SH is given by

$$SH \stackrel{\mathrm{def}}{=} \wp(SG),$$

where the set of sharing-groups $SG$ is given by

$$SG \stackrel{\mathrm{def}}{=} \wp(VI) \setminus \{\emptyset\}.$$

SH is partially ordered by set inclusion so that the lub is given by set union and the glb by set intersection.

Note that, as we are adopting the upper closure operator approach to abstract interpretation, all the domains we define here are ordered by subset inclusion. As usual in the field of abstract interpretation, this ordering provides a formalization of precision where the less precise domain elements are those occurring higher in the partial order. Thus, more precise elements contain fewer sharing groups. Since SH is a power set, SH is dual-atomistic and

$$\operatorname{dAtoms}(SH) = \{\, SG \setminus \{S\} \mid S \in SG \,\}.$$

In all the examples in this paper, the elements of SH are written in a simplified notation, omitting the inner braces. For instance, the set

$$\{\{x\}, \{x, y\}, \{x, z\}, \{x, y, z\}\}$$

would be written simply as

$$\{x, xy, xz, xyz\}.$$

Example 1

Suppose $VI = \{x, y, z\}$. Then the seven dual-atoms of SH are:

$$\begin{aligned}
s_1 &= \{\phantom{x,}\; y,\, z,\, xy,\, xz,\, yz,\, xyz\}, \\
s_2 &= \{x,\, \phantom{y,}\; z,\, xy,\, xz,\, yz,\, xyz\}, &&\text{these lack a singleton;} \\
s_3 &= \{x,\, y,\, \phantom{z,}\; xy,\, xz,\, yz,\, xyz\}, \\
s_4 &= \{x,\, y,\, z,\, \phantom{xy,}\; xz,\, yz,\, xyz\}, \\
s_5 &= \{x,\, y,\, z,\, xy,\, \phantom{xz,}\; yz,\, xyz\}, &&\text{these lack a pair;} \\
s_6 &= \{x,\, y,\, z,\, xy,\, xz,\, \phantom{yz,}\; xyz\}, \\
s_7 &= \{x,\, y,\, z,\, xy,\, xz,\, yz\phantom{,\; xyz}\}, &&\text{this lacks } VI.
\end{aligned}$$

The meet-irreducible elements of SH are $s_1, \ldots, s_7$, and the top element $SG$.

Definition 2

(Operations over SH.) The function $\operatorname{bin}\colon SH \times SH \to SH$, called binary union, is given, for each $sh_1, sh_2 \in SH$, by

$$\operatorname{bin}(sh_1, sh_2) \stackrel{\mathrm{def}}{=} \{\, S_1 \cup S_2 \mid S_1 \in sh_1, S_2 \in sh_2 \,\}.$$

The star-union function $(\cdot)^*\colon SH \to SH$ is given, for each $sh \in SH$, by

The $j$-self-union function $(\cdot)^j\colon SH \to SH$ is given, for each $j \ge 1$ and $sh \in SH$, by

$$sh^j \stackrel{\mathrm{def}}{=} \Bigl\{\, S \in SG \;\Big|\; \exists sh' \subseteq sh \,.\, \bigl(\# sh' \le j,\; S = \textstyle\bigcup sh'\bigr) \,\Bigr\}.$$

The extraction of the relevant component of an element of SH with respect to a subset of $VI$ is encoded by the function $\operatorname{rel}\colon \wp(VI) \times SH \to SH$ given, for each $V \subseteq VI$ and each $sh \in SH$, by

$$\operatorname{rel}(V, sh) \stackrel{\mathrm{def}}{=} \{\, S \in sh \mid S \cap V \neq \emptyset \,\}.$$

The function $\operatorname{amgu}$ captures the effects of a binding $x \mapsto t$ on an element of SH. Let $sh \in SH$, $v_x = \{x\}$, $v_t = \operatorname{vars}(t)$, and $v_{xt} = v_x \cup v_t$. Then

$$\operatorname{amgu}(sh, x \mapsto t) \stackrel{\mathrm{def}}{=} \bigl(sh \setminus \operatorname{rel}(v_{xt}, sh)\bigr) \cup \operatorname{bin}\bigl(\operatorname{rel}(v_x, sh)^*, \operatorname{rel}(v_t, sh)^*\bigr).$$

We also define the extension $\operatorname{amgu}\colon SH \times Subst \to SH$ by

$$\begin{aligned}
\operatorname{amgu}(sh, \emptyset) &\stackrel{\mathrm{def}}{=} sh, \\
\operatorname{amgu}(sh, \{x \mapsto t\} \cup \sigma) &\stackrel{\mathrm{def}}{=} \operatorname{amgu}\bigl(\operatorname{amgu}(sh, x \mapsto t), \sigma \setminus \{x \mapsto t\}\bigr).
\end{aligned}$$

The function $\operatorname{proj}\colon SH \times \wp(VI) \to SH$ that projects an element of SH onto a subset $V \subseteq VI$ of the variables of interest is given, for each $sh \in SH$, by

$$\operatorname{proj}(sh, V) \stackrel{\mathrm{def}}{=} \{\, S \cap V \mid S \in sh, S \cap V \neq \emptyset \,\} \cup \bigl\{\, \{x\} \mid x \in VI \setminus V \,\bigr\}.$$

Together with lub, the functions $\operatorname{proj}$ and $\operatorname{amgu}$ are the key operations that make the abstract domain SH suitable for computing static approximations of the substitutions generated by the execution of logic programs. These operators can be combined with simpler ones (e.g., consistent renaming of variables) so as to provide a complete definition of the abstract semantics. Also note that these three operators have been proved to be the optimal approximations of the corresponding concrete operators (Cortesi and Filé 1999). The $j$-self-union operator defined above is new. We show later when it may safely replace the star-union operator. Note that, letting $j = 1, 2$, and $n$, we have $sh^1 = sh$, $sh^2 = \operatorname{bin}(sh, sh)$, and, as $\# VI = n$, $sh^n = sh^*$.
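The operations of Definition 2 as an added, runnable example (not code from the paper): sharing groups are frozensets of variable names over an assumed $VI = \{x, y, z\}$, the star-union is computed as the $n$-self-union (the text notes $sh^n = sh^*$), and a constructed goal X = f(Y, Z), Y = a is analysed with amgu and proj. The helper names sh, bin_union, self_union, pairs and analyse_clause_body are the example's own.

```python
from itertools import combinations

# Added example, not the paper's code: Definition 2 over an assumed VI = {x, y, z}.
# A sharing group is a frozenset of variable names; an element of SH is a
# frozenset of sharing groups.
VI = frozenset({"x", "y", "z"})


def sh(*groups):
    """The paper's shorthand: sh("z", "xy") is {{z}, {x, y}}."""
    return frozenset(frozenset(g) for g in groups)


def bin_union(sh1, sh2):
    """bin(sh1, sh2) = { S1 u S2 | S1 in sh1, S2 in sh2 }."""
    return frozenset(s1 | s2 for s1 in sh1 for s2 in sh2)


def self_union(sh, j):
    """sh^j: unions of at most j groups of sh (sh^1 = sh, sh^2 = bin(sh, sh))."""
    return frozenset(frozenset().union(*gs)
                     for m in range(1, j + 1) for gs in combinations(sh, m))


def star(sh):
    """sh*: closure of sh under union, computed as sh^n with n = #VI (Section 3.1)."""
    return self_union(sh, len(VI))


def rel(V, sh):
    """rel(V, sh): the groups of sh that have a variable in common with V."""
    return frozenset(s for s in sh if s & V)


def amgu_binding(sh, x, t_vars):
    """amgu(sh, x -> t) with t_vars = vars(t): groups not touched by the binding
    are kept; the others are replaced by every union of a star-closed group of x
    with a star-closed group of t."""
    vx, vt = frozenset({x}), frozenset(t_vars)
    return ((sh - rel(vx | vt, sh))
            | bin_union(star(rel(vx, sh)), star(rel(vt, sh))))


def amgu(sh, sigma):
    """amgu(sh, sigma): the substitution is a dict x -> vars(t), applied binding by binding."""
    for x, t_vars in sigma.items():
        sh = amgu_binding(sh, x, t_vars)
    return sh


def proj(sh, V):
    """proj(sh, V): restrict every group to V; each variable outside V becomes a singleton."""
    V = frozenset(V)
    return (frozenset(s & V for s in sh if s & V)
            | frozenset(frozenset({x}) for x in VI - V))


def pairs(sh):
    """The pair-sharing information of sh: the 2-subsets of its groups (Definition 3)."""
    return frozenset(frozenset(p) for s in sh for p in combinations(sorted(s), 2))


def analyse_clause_body():
    """Abstract execution of the constructed goal  X = f(Y, Z), Y = a  from three
    independent variables; returns the two intermediate descriptions and the
    projection onto the head variables x and z."""
    sh0 = sh("x", "y", "z")                 # nothing ground, nothing shared
    sh1 = amgu(sh0, {"x": {"y", "z"}})      # X = f(Y, Z): gives {xy, xz, xyz}
    sh2 = amgu(sh1, {"y": set()})           # Y = a, a ground term: gives {xz}
    return sh1, sh2, proj(sh2, {"x", "z"})  # projection: {xz, y}


if __name__ == "__main__":
    s1, s2, p = analyse_clause_body()
    print("after X = f(Y, Z):", sorted(map(sorted, s1)), "pairs:", sorted(map(sorted, pairs(s1))))
    print("after Y = a:", sorted(map(sorted, s2)))
    print("projected onto {x, z}:", sorted(map(sorted, p)))
```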



3.2 The Tuple-Sharing Domains

To provide a general characterization of domains such as the groundness and pair-sharing domains contained in SH, we first identify the sets of elements that have the same cardinality.
Definition 3

(Tuples of cardinality $k$.) For each $k \in \mathbb{N}$ with $1 \le k \le n$, the overloaded functions $\operatorname{tuples}_k\colon SG \to SH$ and $\operatorname{tuples}_k\colon SH \to SH$ are defined as

$$\begin{aligned}
\operatorname{tuples}_k(S) &\stackrel{\mathrm{def}}{=} \{\, T \in \wp(S) \mid \# T = k \,\}, \\
\operatorname{tuples}_k(sh) &\stackrel{\mathrm{def}}{=} \textstyle\bigcup\{\, \operatorname{tuples}_k(S) \mid S \in sh \,\}.
\end{aligned}$$

In particular, if $S \in SG$ and $sh \in SH$, let

$$\operatorname{pairs}(S) \stackrel{\mathrm{def}}{=} \operatorname{tuples}_2(S), \qquad \operatorname{pairs}(sh) \stackrel{\mathrm{def}}{=} \operatorname{tuples}_2(sh).$$

The usual domains that represent groundness and pair-sharing information will be shown to be special cases of the following more general domain.

Definition 4

(The tuple-sharing domains $TS_k$.) For each $k \in \mathbb{N}$ such that $1 \le k \le n$, the function $\rho_{TS_k}\colon SH \to SH$ is defined as

$$\rho_{TS_k}(sh) \stackrel{\mathrm{def}}{=} \{\, S \in SG \mid \operatorname{tuples}_k(S) \subseteq \operatorname{tuples}_k(sh) \,\}$$

and, as $\rho_{TS_k} \in \operatorname{uco}(SH)$, it induces the lattice

$$TS_k \stackrel{\mathrm{def}}{=} \rho_{TS_k}(SH).$$

Note that $\rho_{TS_k}(\operatorname{tuples}_k(sh)) = \rho_{TS_k}(sh)$ and that there is a one-to-one correspondence between $TS_k$ and $\wp(\operatorname{tuples}_k(VI))$. The isomorphism is given by the functions $\operatorname{tuples}_k\colon TS_k \to \wp(\operatorname{tuples}_k(VI))$ and $\rho_{TS_k}\colon \wp(\operatorname{tuples}_k(VI)) \to TS_k$. Thus the domain $TS_k$ is the smallest domain that can represent properties characterized by sets of variables of cardinality $k$. We now consider the tuple-sharing domains for the cases when $k = 1, 2$, and $n$.

Definition 5

(The groundness domain Con.) The upper closure operator $\rho_{Con}\colon SH \to SH$ and the corresponding domain Con are defined as

$$\rho_{Con} \stackrel{\mathrm{def}}{=} \rho_{TS_1}, \qquad Con \stackrel{\mathrm{def}}{=} TS_1 = \rho_{Con}(SH).$$

This domain, which represents groundness information, is isomorphic to a domain of conjunctions of Boolean variables. The isomorphism $\operatorname{tuples}_1$ maps each element of Con to the set of variables that are possibly non-ground. From the domain $\operatorname{tuples}_1(Con)$, by set complementation, we obtain the classical domain G (Jones and Søndergaard 1987) for representing the set of variables that are definitely ground (so that we have $TS_1 = Con \cong G$).
Definition 6

(The pair-sharing domain PS.) The upper closure operator $\rho_{PS}\colon SH \to SH$ and the corresponding domain PS are defined as

$$\rho_{PS} \stackrel{\mathrm{def}}{=} \rho_{TS_2}, \qquad PS \stackrel{\mathrm{def}}{=} TS_2 = \rho_{PS}(SH).$$

This domain represents pair-sharing information and the isomorphism $\operatorname{tuples}_2$ maps each element of PS to the set of pairs of variables that may be bound to terms that share a common variable. The domain for representing variable independence can be obtained by set complementation.

Finally, in the case when $k = n$ we have a domain consisting of just two elements:

$$TS_n = \bigl\{ SG, SG \setminus \{VI\} \bigr\}.$$

Note that the bottom of $TS_n$ differs from the top element $SG$ only in that it lacks the sharing group $VI$. There is no intuitive reading for the information encoded by this element: it describes all but those substitutions $\sigma \in Subst$ such that $\bigcap\{\, \operatorname{vars}(x\sigma) \mid x \in VI \,\} \neq \emptyset$.

Just as for SH, the domain $TS_k$ (where $1 \le k \le n$) is dual-atomistic and:

$\operatorname{dAtoms}(TS_k)$

Thus we have

$\operatorname{dAtoms}(PS)$

Example 2

Consider Example 1. Then the dual-atoms of Con are

$$\begin{aligned}
r_1 &= s_1 \cap s_4 \cap s_5 \cap s_7 = \{y, z, yz\}, \\
r_2 &= s_2 \cap s_4 \cap s_6 \cap s_7 = \{x, z, xz\}, \\
r_3 &= s_3 \cap s_5 \cap s_6 \cap s_7 = \{x, y, xy\};
\end{aligned}$$

the dual-atoms of PS are

$$\begin{aligned}
m_1 &= s_4 \cap s_7 = \{x, y, z, xz, yz\}, \\
m_2 &= s_5 \cap s_7 = \{x, y, z, xy, yz\}, \\
m_3 &= s_6 \cap s_7 = \{x, y, z, xy, xz\}.
\end{aligned}$$

It can be seen from the dual-atoms that, for each $j = 1, \ldots, n$, where $j \neq k$, the precision of the information encoded by domains $TS_j$ and $TS_k$ is not comparable. Also, we note that, if $j < k$, then $\rho_{TS_j}(TS_k) = \{SG\}$ and $\rho_{TS_k}(TS_j) = TS_j$.
3.3 The Tuple-Sharing Dependency Domains

We now need to define domains that capture the propagation of groundness and pair-sharing; in particular, the dependency of these properties on the further instantiation of the variables. In the same way as with $TS_k$ for Con and PS, we first define a general subdomain $TSD_k$ of SH. This must be safe with respect to the tuple-sharing property represented by $TS_k$ when performing the usual abstract operations. This was the motivation behind the introduction in (Bagnara et al. 1997, Bagnara et al. 2001) of the pair-sharing dependency domain PSD. We now generalize this for tuple-sharing.

Definition 7

(The tuple-sharing dependency domains $TSD_k$.) For each $k$ where $1 \le k \le n$, the function $\rho_{TSD_k}\colon SH \to SH$ is defined as

$$\rho_{TSD_k}(sh) \stackrel{\mathrm{def}}{=} \Bigl\{\, S \in SG \;\Big|\; \forall T \subseteq S : \bigl(\# T < k \implies S = \textstyle\bigcup\{\, U \in sh \mid T \subseteq U \subseteq S \,\}\bigr) \,\Bigr\}$$

and, as $\rho_{TSD_k} \in \operatorname{uco}(SH)$, it induces the tuple-sharing dependency lattice

$$TSD_k \stackrel{\mathrm{def}}{=} \rho_{TSD_k}(SH).$$

It follows from the definitions that the domains $TSD_k$ form a strict chain.

Proposition 1

For $j, k \in \mathbb{N}$ with $1 \le j < k \le n$, we have $TSD_j \subset TSD_k$.

Moreover, $TSD_k$ is not less precise than $TS_k$.

Proposition 2

For $k \in \mathbb{N}$ with $1 \le k \le n$, we have $TS_k \subseteq TSD_k$. Furthermore, if $n > 1$ then

$$TS_k \subset TSD_k.$$

As an immediate consequence of Propositions 1 and 2 we have that $TSD_k$ is not less precise than $TS_1 \sqcap \cdots \sqcap TS_k$.

Corollary 1

For $j, k \in \mathbb{N}$ with $1 \le j \le k \le n$, we have $TS_j \subseteq TSD_k$.

It also follows from the definitions that, for the $TSD_k$ domain, the star-union operator can be replaced by the $k$-self-union operator.

Proposition 3

For $1 \le k \le n$ and each $sh \in SH$, we have $\rho_{TSD_k}(sh^k) = sh^*$.

We now instantiate the tuple-sharing dependency domains for the cases when $k = 1, 2$, and $n$.
Definition 8

(The ground dependency domain Def.) The domain Def is induced by the upper closure operator $\rho_{Def}\colon SH \to SH$. They are defined as

$$\rho_{Def} \stackrel{\mathrm{def}}{=} \rho_{TSD_1}, \qquad Def \stackrel{\mathrm{def}}{=} TSD_1 = \rho_{Def}(SH).$$

By Proposition 3, we have, for all $sh \in SH$, $\rho_{TSD_1}(sh) = sh^*$ so that $TSD_1$ is a representation of the domain Def used for capturing groundness. It also provides evidence for the fact that the computation of the star-union is not needed for the elements in Def.

Definition 9

(The pair-sharing dependency domain PSD.) The upper closure operator $\rho_{PSD}\colon SH \to SH$ and the corresponding domain PSD are defined as

$$\rho_{PSD} \stackrel{\mathrm{def}}{=} \rho_{TSD_2}, \qquad PSD \stackrel{\mathrm{def}}{=} TSD_2 = \rho_{PSD}(SH).$$

Then, it follows from (Bagnara et al. 1997, Theorem 7) that PSD corresponds to the domain $SH^\rho$ defined for capturing pair-sharing. By Proposition 3 we have, for all $sh \in SH$, that $\rho_{PSD}(sh^2) = sh^*$, so that, for elements in PSD, the star-union operator $sh^*$ can be replaced by the 2-self-union $sh^2 = \operatorname{bin}(sh, sh)$ without any loss of precision. This was also proved in (Bagnara et al. 1997, Theorem 11). Furthermore, Corollary 1 confirms the observation made in (Bagnara et al. 1997) that PSD also captures groundness.

Finally, letting $k = n$, we observe that $TSD_n = SH$. Figure 1 summarizes the relations between the tuple-sharing and the tuple-sharing dependency domains.
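An added example (not code from the paper) that implements the closure operators $\rho_{TS_k}$ of Definition 4 and $\rho_{TSD_k}$ of Definition 7 over an assumed $VI = \{x, y, z\}$, together with the complement $\operatorname{Moore}(\operatorname{MI}(C) \setminus \rho(C))$ of Theorem 1 computed by brute force over the 128 elements of SH. It checks Example 2 and the observation recalled in the Introduction: the complement of PS with respect to SH is SH itself, whereas with PSD as the reference domain a proper factor is obtained whose reduced product with PS gives back PSD. The names sh, image, moore and decompose_ps are the example's own.

```python
from itertools import combinations

# Added example, not the paper's code. Assumed VI = {x, y, z}; sharing groups are
# frozensets of names, elements of SH are frozensets of sharing groups.
VI = frozenset({"x", "y", "z"})
# SG = powerset(VI) \ {emptyset} and SH = powerset(SG): 7 groups, 128 elements (Definition 1)
SG = frozenset(frozenset(c) for m in range(1, len(VI) + 1) for c in combinations(sorted(VI), m))
SH = frozenset(frozenset(c) for m in range(len(SG) + 1)
               for c in combinations(sorted(SG, key=sorted), m))


def sh(*groups):
    """The paper's shorthand: sh("x", "xy") is {{x}, {x, y}}."""
    return frozenset(frozenset(g) for g in groups)


def subsets(s, max_size):
    """All T subseteq s with #T <= max_size, the empty set included."""
    return [frozenset(c) for m in range(max_size + 1) for c in combinations(sorted(s), m)]


def tuples(k, sh):
    """tuples_k(sh) of Definition 3: the k-subsets of the groups of sh."""
    return frozenset(t for s in sh for t in subsets(s, k) if len(t) == k)


def rho_ts(k, sh):
    """rho_TS_k(sh) = { S in SG | tuples_k(S) subseteq tuples_k(sh) } (Definition 4)."""
    tk = tuples(k, sh)
    return frozenset(s for s in SG if tuples(k, [s]) <= tk)


def rho_tsd(k, sh):
    """rho_TSD_k(sh) (Definition 7): S survives iff, for every T subseteq S with
    #T < k, S is the union of the groups U of sh such that T subseteq U subseteq S."""
    def kept(s):
        return all(frozenset().union(*[u for u in sh if t <= u <= s]) == s
                   for t in subsets(s, k - 1))
    return frozenset(s for s in SG if kept(s))


def image(rho):
    """The domain rho(SH), i.e. the set of fixpoints of the closure operator rho."""
    return frozenset(rho(s) for s in SH)


def meet_irreducibles(domain):
    """MI(D) of a finite domain ordered by inclusion (meet = intersection): x is
    meet-irreducible iff it is not the intersection of the elements strictly above
    it; the top SG, with nothing above it, counts as meet-irreducible."""
    above = {x: [y for y in domain if x < y] for x in domain}
    return frozenset(x for x in domain
                     if not above[x] or frozenset.intersection(*above[x]) != x)


def dual_atoms(domain):
    """dAtoms(D) = MI(D) \\ {SG}, valid for dual-atomistic domains such as SH, Con and PS."""
    return meet_irreducibles(domain) - {SG}


def moore(X):
    """Moore(X): closure of X under intersection, the empty meet being SG."""
    closed = set(X) | {SG}
    while True:
        new = {a & b for a in closed for b in closed} - closed
        if not new:
            return frozenset(closed)
        closed |= new


def complement(reference, sub):
    """id_C ~ rho = Moore(MI(C) \\ rho(C)) (Theorem 1); C = reference, rho(C) = sub."""
    return moore(meet_irreducibles(reference) - sub)


def reduced_product(d1, d2):
    """D1 meet D2 in uco: its image is Moore(D1 union D2)."""
    return moore(d1 | d2)


CON = image(lambda s: rho_ts(1, s))     # TS_1 (Definition 5)
PS = image(lambda s: rho_ts(2, s))      # TS_2 (Definition 6)
PSD = image(lambda s: rho_tsd(2, s))    # TSD_2 (Definition 9)


def example2_holds():
    """Example 2: the dual-atoms of Con and PS are meets of the dual-atoms of SH."""
    s = {g: SG - {frozenset(g)} for g in ("x", "y", "z", "xy", "xz", "yz", "xyz")}
    r1 = s["x"] & s["xy"] & s["xz"] & s["xyz"]            # r1 = s1 meet s4 meet s5 meet s7
    r2 = s["y"] & s["xy"] & s["yz"] & s["xyz"]            # r2 = s2 meet s4 meet s6 meet s7
    r3 = s["z"] & s["xz"] & s["yz"] & s["xyz"]            # r3 = s3 meet s5 meet s6 meet s7
    m1, m2, m3 = (s[p] & s["xyz"] for p in ("xy", "xz", "yz"))   # s4, s5, s6 each met with s7
    return (dual_atoms(SH) == frozenset(s.values())
            and dual_atoms(CON) == {r1, r2, r3} and r1 == sh("y", "z", "yz")
            and dual_atoms(PS) == {m1, m2, m3} and m1 == sh("x", "y", "z", "xz", "yz"))


def decompose_ps(reference):
    """Extract PS from `reference` by complementation: returns the other factor and
    whether the reduced product of PS with that factor gives back the reference."""
    factor = complement(reference, PS)
    return factor, reduced_product(PS, factor) == reference


if __name__ == "__main__":
    print("Example 2 holds:", example2_holds())
    print("rho_PSD adds the redundant group xyz to {xy, xz, yz}:",
          rho_tsd(2, sh("xy", "xz", "yz")) == sh("xy", "xz", "yz", "xyz"))
    factor, ok = decompose_ps(SH)
    print("complement of PS w.r.t. SH is SH again:", ok and factor == SH)
    factor, ok = decompose_ps(PSD)
    print("complement of PS w.r.t. PSD is a proper factor:", ok and factor < PSD,
          "(sizes %d of %d)" % (len(factor), len(PSD)))
```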

As already discussed at the start of this section, the set of variables of interest $VI$ is fixed and, to simplify the notation, omitted. In (Bagnara et al. 1997, Bagnara et al. 2001) the domains SS and $SS^\rho$ (corresponding to SH and PSD, respectively) are instead obtained by explicitly adding to each domain element a new component, representing the set of variables of interest. It is shown that $SS^\rho$ is as good as SS for both representing and propagating pair-sharing and it is also proved that any weaker domain does not satisfy these properties, so that $SS^\rho$ is the quotient (Cortesi et al. 1994, Cortesi et al. 1998) of SS with respect to the pair-sharing property PS.

We now generalize and strengthen the results in (Bagnara et al. 1997, Bagnara et al. 2001) and show that, for each $k \in \{1, \ldots, n\}$, $TSD_k$ is the quotient of SH with respect to the reduced product $TS_1 \sqcap \cdots \sqcap TS_k$. These results are proved at the end of this section.

[Fig. 1 (diagram): the tuple-sharing domains $TS_1 = Con$, $TS_2 = PS$, $TS_3$, ..., $TS_{n-1}$, $TS_n$ and the tuple-sharing dependency domains $TSD_1 = Def$, $TSD_2 = PSD$, $TSD_3$, ..., $TSD_{n-1}$, $TSD_n$.]

Fig. 1. The set-sharing domain SH and some of its abstractions.

Theorem 3

Let $sh_1, sh_2 \in SH$ and $1 \le k \le n$. If $\rho_{TSD_k}(sh_1) = \rho_{TSD_k}(sh_2)$ then, for each $\sigma \in Subst$, each $sh' \in SH$, and each $V \in \wp(VI)$,

$$\begin{aligned}
1.\quad & \rho_{TSD_k}\bigl(\operatorname{amgu}(sh_1, \sigma)\bigr) = \rho_{TSD_k}\bigl(\operatorname{amgu}(sh_2, \sigma)\bigr), \\
2.\quad & \rho_{TSD_k}(sh' \cup sh_1) = \rho_{TSD_k}(sh' \cup sh_2), \\
3.\quad & \rho_{TSD_k}\bigl(\operatorname{proj}(sh_1, V)\bigr) = \rho_{TSD_k}\bigl(\operatorname{proj}(sh_2, V)\bigr).
\end{aligned}$$

Theorem 4

Let $1 \le k \le n$. For each $sh_1, sh_2 \in SH$, $\rho_{TSD_k}(sh_1) \neq \rho_{TSD_k}(sh_2)$ implies $\exists \sigma \in Subst,\; \exists j \in \{1, \ldots, k\} \,.\; \rho_{TS_j}(\operatorname{amgu}(sh_1, \sigma)) \neq \rho_{TS_j}(\operatorname{amgu}(sh_2$
3.4 Proofs of Theorems 3 and 4

In what follows we use the fact that $\rho_{TSD_k}$ is an upper closure operator so that, for each $sh_1, sh_2 \in SH$,

$$sh_1 \subseteq \rho_{TSD_k}(sh_2) \iff \rho_{TSD_k}(sh_1) \subseteq \rho_{TSD_k}(sh_2). \tag{1}$$

In particular, since $(\cdot)^* = \rho_{TSD_1}$, we have

$$sh_1 \subseteq sh_2^* \iff sh_1^* \subseteq sh_2^*. \tag{2}$$

Lemma 1

For each $sh \in SH$ and each $V \in \wp(VI)$,

$$\rho_{TSD_k}(sh) \setminus \operatorname{rel}\bigl(V, \rho_{TSD_k}(sh)\bigr) = \rho_{TSD_k}\bigl(sh \setminus \operatorname{rel}(V, sh)\bigr).$$

Proof

By Definition 7,

$$\begin{aligned}
S \in \rho_{TSD_k}\bigl(sh \setminus \operatorname{rel}(V, sh)\bigr)
&\iff \forall T \subseteq S : \Bigl(\# T < k \implies S = \textstyle\bigcup\{\, U \in sh \setminus \operatorname{rel}(V, sh) \mid T \subseteq U \subseteq S \,\}\Bigr) \\
&\iff \forall T \subseteq S : \Bigl(\# T < k \implies S = \textstyle\bigcup\{\, U \in sh \mid T \subseteq U \subseteq S \,\}\Bigr) \wedge S \cap V = \emptyset \\
&\iff S \in \rho_{TSD_k}(sh) \setminus \operatorname{rel}\bigl(V, \rho_{TSD_k}(sh)\bigr). \qquad \square
\end{aligned}$$

Lemma 2

For each $sh_1, sh_2 \in SH$, each $V \in \wp(VI)$ and each $k \in \mathbb{N}$ with $1 < k \le n$,

$$\rho_{TSD_k}(sh_1) \subseteq \rho_{TSD_k}(sh_2) \implies \operatorname{rel}(V, sh_1)^* \subseteq \operatorname{rel}(V, sh_2)^*.$$

Proof

We prove that

$$sh_1 \subseteq \rho_{TSD_k}(sh_2) \implies \operatorname{rel}(V, sh_1) \subseteq \operatorname{rel}(V, sh_2)^*.$$

The result then follows from Eqs. (1) and (2).

Suppose $S \in \operatorname{rel}(V, sh_1)$. Then, $S \in sh_1$ and $V \cap S \neq \emptyset$. By the hypothesis, $S \in \rho_{TSD_k}(sh_2)$. Let $x \in V \cap S$. Then, by Definition 7, we have

$$\begin{aligned}
S &= \textstyle\bigcup\{\, U \in sh_2 \mid \{x\} \subseteq U \subseteq S \,\} \\
&= \textstyle\bigcup\{\, U \in \operatorname{rel}(V, sh_2) \mid \{x\} \subseteq U \subseteq S \,\}.
\end{aligned}$$

Thus $S \in \operatorname{rel}(V, sh_2)^*$. $\square$

Lemma 3

For each $sh_1, sh_2 \in SH$, each $\sigma \in Subst$ and each $k \in \mathbb{N}$ with $1 \le k \le n$,

$$\rho_{TSD_k}(sh_1) = \rho_{TSD_k}(sh_2) \implies \rho_{TSD_k}\bigl(\operatorname{amgu}(sh_1, \sigma)\bigr) = \rho_{TSD_k}\bigl(\operatorname{amgu}(sh_2, \sigma)\bigr).$$
Proof

If $\sigma = \emptyset$, the statement is obvious from the definition of $\operatorname{amgu}$. In the other cases, the proof is by induction on the size of $\sigma$. The inductive step, when $\sigma$ has more than one binding, is straightforward. For the base case, when $\sigma = \{x \mapsto t\}$, we have to show that

$$sh_1 \subseteq \rho_{TSD_k}(sh_2) \implies \operatorname{amgu}(sh_1, \{x \mapsto t\}) \subseteq \rho_{TSD_k}\bigl(\operatorname{amgu}(sh_2, \{x \mapsto t\})\bigr).$$

The result then follows from Eq. (1).

Let $v_x \stackrel{\mathrm{def}}{=} \{x\}$, $v_t \stackrel{\mathrm{def}}{=} \operatorname{vars}(t)$, and $v_{xt} \stackrel{\mathrm{def}}{=} v_x \cup v_t$. Suppose

$$S \in \operatorname{amgu}(sh_1, \{x \mapsto t\}).$$

Then, by definition of $\operatorname{amgu}$,

$$S \in \bigl(sh_1 \setminus \operatorname{rel}(v_x \cup v_t, sh_1)\bigr) \cup \operatorname{bin}\bigl(\operatorname{rel}(v_x, sh_1)^*, \operatorname{rel}(v_t, sh_1)^*\bigr).$$

There are two cases:

1. $S \in sh_1 \setminus \operatorname{rel}(v_x \cup v_t, sh_1)$. Then, by hypothesis, $S \in \rho_{TSD_k}(sh_2)$. Hence we have $S \in \rho_{TSD_k}(sh_2) \setminus \operatorname{rel}\bigl(v_x \cup v_t, \rho_{TSD_k}(sh_2)\bigr)$. Thus, by Lemma 1,

$$S \in \rho_{TSD_k}\bigl(sh_2 \setminus \operatorname{rel}(v_x \cup v_t, sh_2)\bigr).$$

2. $S \in \operatorname{bin}\bigl(\operatorname{rel}(v_x, sh_1)^*, \operatorname{rel}(v_t, sh_1)^*\bigr)$. Then we must have $S = T \cup R$ where $T \in \operatorname{rel}(v_x, sh_1)^*$ and $R \in \operatorname{rel}(v_t, sh_1)^*$.

The proof here splits into two branches, 2a and 2b, depending on whether $k > 1$ or $k = 1$.

2a. We first assume that $k > 1$. Then, by Lemma 2 we have that $T \in \operatorname{rel}(v_x, sh_2)^*$ and $R \in \operatorname{rel}(v_t, sh_2)^*$. Hence,

$$S \in \operatorname{bin}\bigl(\operatorname{rel}(v_x, sh_2)^*, \operatorname{rel}(v_t, sh_2)^*\bigr).$$

Combining case 1 and case 2a we obtain

$$S \in \rho_{TSD_k}\bigl(sh_2 \setminus \operatorname{rel}(v_x \cup v_t, sh_2)\bigr) \cup \operatorname{bin}\bigl(\operatorname{rel}(v_x, sh_2)^*, \operatorname{rel}(v_t, sh_2)^*\bigr).$$

Hence as $\rho_{TSD_k}$ is extensive and monotonic

$$S \in \rho_{TSD_k}\Bigl(\bigl(sh_2 \setminus \operatorname{rel}(v_x \cup v_t, sh_2)\bigr) \cup \operatorname{bin}\bigl(\operatorname{rel}(v_x, sh_2)^*, \operatorname{rel}(v_t, sh_2)^*\bigr)\Bigr),$$

and hence, when $k > 1$, $S \in \rho_{TSD_k}\bigl(\operatorname{amgu}(sh_2, \{x \mapsto t\})\bigr)$.

2b. Secondly suppose that $k = 1$. In this case, we have, by Proposition 3:

$$\rho_{TSD_1}(sh_2) = sh_2^*$$

and that

$$\rho_{TSD_1}\bigl(\operatorname{amgu}(sh_2, \{x \mapsto t\})\bigr) = \operatorname{amgu}(sh_2, \{x \mapsto t\})^*.$$

Thus, by the hypothesis,

$$\begin{aligned}
S &\in \operatorname{bin}\bigl(\operatorname{rel}(v_x, sh_2^*)^*, \operatorname{rel}(v_t, sh_2^*)^*\bigr) \\
&= \operatorname{bin}\bigl(\operatorname{rel}(v_x, sh_2^*), \operatorname{rel}(v_t, sh_2^*)\bigr).
\end{aligned}$$

Therefore we can write

$$S = T_- \cup T_x \cup R_- \cup R_t$$

where

$$\begin{aligned}
T_- \cup T_x &\in \operatorname{rel}(v_x, sh_2^*), \\
R_- \cup R_t &\in \operatorname{rel}(v_t, sh_2^*), \\
T_-, R_- &\in \bigl(sh_2 \setminus \operatorname{rel}(v_{xt}, sh_2)\bigr)^*, \\
T_x &\in \operatorname{rel}(v_x, sh_2)^* \setminus \{\emptyset\}, \\
R_t &\in \operatorname{rel}(v_t, sh_2)^* \setminus \{\emptyset\}.
\end{aligned}$$

Thus

$$\begin{aligned}
S &\in \Bigl(\bigl(sh_2 \setminus \operatorname{rel}(v_{xt}, sh_2)\bigr) \cup \operatorname{bin}\bigl(\operatorname{rel}(v_x, sh_2)^*, \operatorname{rel}(v_t, sh_2)^*\bigr)\Bigr)^* \\
&= \operatorname{amgu}(sh_2, \{x \mapsto t\})^*.
\end{aligned}$$

Combining case 1 and case 2b for $k = 1$, the result follows immediately by the monotonicity and extensivity of $(\cdot)^*$. $\square$

Lemma 4 

For each $\mathit{sh}_1, \mathit{sh}_2 \in \mathit{SH}$,

\[
\rho_{\mathit{TSD}_k}(\mathit{sh}_1 \cup \mathit{sh}_2)
= \rho_{\mathit{TSD}_k}\bigl(\rho_{\mathit{TSD}_k}(\mathit{sh}_1) \cup \rho_{\mathit{TSD}_k}(\mathit{sh}_2)\bigr).
\]

Proof 

This is a classical property of upper closure operators (Gierz et al. 1980). □ 

Lemma 5 

For each $\mathit{sh}_1, \mathit{sh}_2 \in \mathit{SH}$ and each $V \subseteq \mathit{VI}$,

\[
\rho_{\mathit{TSD}_k}(\mathit{sh}_1) = \rho_{\mathit{TSD}_k}(\mathit{sh}_2)
\implies
\rho_{\mathit{TSD}_k}\bigl(\mathrm{proj}(\mathit{sh}_1, V)\bigr) = \rho_{\mathit{TSD}_k}\bigl(\mathrm{proj}(\mathit{sh}_2, V)\bigr).
\]

Proof

We show that

\[
\mathit{sh}_1 \subseteq \rho_{\mathit{TSD}_k}(\mathit{sh}_2)
\implies
\mathrm{proj}(\mathit{sh}_1, V) \subseteq \rho_{\mathit{TSD}_k}\bigl(\mathrm{proj}(\mathit{sh}_2, V)\bigr).
\]

The result then follows from Eq. (1).

Suppose $\mathit{sh}_1 \subseteq \rho_{\mathit{TSD}_k}(\mathit{sh}_2)$ and $S \in \mathrm{proj}(\mathit{sh}_1, V)$. Then, as proj is monotonic, we
have $S \in \mathrm{proj}\bigl(\rho_{\mathit{TSD}_k}(\mathit{sh}_2), V\bigr)$. We distinguish two cases.

1. There exists $x \in V$ such that $S = \{x\}$. Then $S \in \mathrm{proj}(\mathit{sh}_2, V)$ and hence, by
Definition 7, $S \in \rho_{\mathit{TSD}_k}\bigl(\mathrm{proj}(\mathit{sh}_2, V)\bigr)$.

2. Otherwise, by definition of proj and Definition 7, there exists $S' \in \rho_{\mathit{TSD}_k}(\mathit{sh}_2)$
such that $S = S' \cap V$ and

\[
\forall T \subseteq S' : \Bigl( \#T < k \implies S = \bigcup\{ U \in \mathit{sh}_2 \mid T \subseteq U \subseteq S' \} \cap V \Bigr).
\]

Hence

\[
\forall T \subseteq S : \Bigl( \#T < k \implies S = \bigcup\{ U \in \mathrm{proj}(\mathit{sh}_2, V) \mid T \subseteq U \subseteq S \} \Bigr)
\]

and thus $S \in \rho_{\mathit{TSD}_k}\bigl(\mathrm{proj}(\mathit{sh}_2, V)\bigr)$. $\square$

Proof of Theorem 3. 

Statements 1, 2 and 3 follow from Lemmas 3, 4 and 5, respectively. □ 

The following lemma is also proved in (Bagnara et al. 1997, Bagnara et al. 2001) 
but we include it here for completeness. 

Lemma 6 

Let $\sigma = \{x_1 \mapsto t_1, \ldots, x_n \mapsto t_n\}$, where, for each $i = 1, \ldots, n$, $t_i$ is a ground
term. Then, for all $\mathit{sh} \in \mathit{SH}$ we have

\[
\mathrm{amgu}(\mathit{sh}, \sigma) = \mathit{sh} \setminus \mathrm{rel}(\{x_1, \ldots, x_n\}, \mathit{sh}).
\]

Proof 

If $n = 0$, so that $\sigma = \emptyset$, the statement can be easily verified after having observed
that $\mathrm{rel}(\emptyset, \mathit{sh}) = \emptyset$. Otherwise, if $n > 0$, we proceed by induction on $n$. For the base
case, let $n = 1$. Then

\[
\begin{aligned}
\mathrm{amgu}(\mathit{sh}, \{x_1 \mapsto t_1\})
&= \bigl(\mathit{sh} \setminus \mathrm{rel}(\{x_1\}, \mathit{sh})\bigr)
\cup \mathrm{bin}\bigl(\mathrm{rel}(\{x_1\}, \mathit{sh})^\star, \mathrm{rel}(\emptyset, \mathit{sh})^\star\bigr) \\
&= \mathit{sh} \setminus \mathrm{rel}(\{x_1\}, \mathit{sh}).
\end{aligned}
\]

For the inductive step, let $n > 1$ and let

\[
\sigma' := \{x_1 \mapsto t_1, \ldots, x_{n-1} \mapsto t_{n-1}\}.
\]

By definition of amgu we have

\[
\begin{aligned}
\mathrm{amgu}(\mathit{sh}, \sigma)
&= \mathrm{amgu}\bigl(\mathit{sh}, \{x_n \mapsto t_n\} \cup \sigma'\bigr) \\
&= \mathrm{amgu}\bigl(\mathrm{amgu}(\mathit{sh}, \{x_n \mapsto t_n\}), \sigma'\bigr) \\
&= \mathrm{amgu}\bigl(\mathit{sh} \setminus \mathrm{rel}(\{x_n\}, \mathit{sh}), \sigma'\bigr) \\
&= \bigl(\mathit{sh} \setminus \mathrm{rel}(\{x_n\}, \mathit{sh})\bigr)
   \setminus \mathrm{rel}\bigl(\{x_1, \ldots, x_{n-1}\}, \mathit{sh} \setminus \mathrm{rel}(\{x_n\}, \mathit{sh})\bigr) \\
&= \mathit{sh} \setminus \Bigl(\mathrm{rel}(\{x_n\}, \mathit{sh})
   \cup \mathrm{rel}\bigl(\{x_1, \ldots, x_{n-1}\}, \mathit{sh} \setminus \mathrm{rel}(\{x_n\}, \mathit{sh})\bigr)\Bigr) \\
&= \mathit{sh} \setminus \mathrm{rel}(\{x_1, \ldots, x_n\}, \mathit{sh}). \qquad \square
\end{aligned}
\]
Proof of Theorem 4.

We assume that $S \in \rho_{\mathit{TSD}_k}(\mathit{sh}_1) \setminus \rho_{\mathit{TSD}_k}(\mathit{sh}_2)$. (If such an $S$ does not exist we simply
swap $\mathit{sh}_1$ and $\mathit{sh}_2$.)

Let $C$ denote a ground term and let

\[
\sigma := \{ x \mapsto C \mid x \in \mathit{VI} \setminus S \}.
\]

Then, by Lemma 6, for $i = 1, 2$, we define $\mathrm{amgu}(\mathit{sh}_i, \sigma) =: \mathit{sh}_i^\sigma$ where

\[
\begin{aligned}
\mathit{sh}_1^\sigma &= \{ T \subseteq S \mid T \in \mathit{sh}_1 \}, \\
\mathit{sh}_2^\sigma &= \{ T \subseteq S \mid T \in \mathit{sh}_2 \}.
\end{aligned}
\]

Now, if $\#S = j$ and $j \leq k$, then we have $S \in \mathit{sh}_1 \setminus \mathit{sh}_2$. Hence $S \in \mathit{sh}_1^\sigma \setminus \mathit{sh}_2^\sigma$ and
we can easily observe that $S \in \rho_{\mathit{TS}_j}(\mathit{sh}_1^\sigma)$ but $S \notin \rho_{\mathit{TS}_j}(\mathit{sh}_2^\sigma)$.

On the other hand, if $\#S = j$ and $j > k$, then by Definition 7 there exists $T$
with $\#T < k$ such that

\[
S = \bigcup\{ U \in \mathit{sh}_1^\sigma \mid T \subseteq U \}
\]

but

\[
S \supsetneq \bigcup\{ U \in \mathit{sh}_2^\sigma \mid T \subseteq U \} =: S'.
\]

Let $x \in S \setminus S'$. We have $h = \#(T \cup \{x\}) \leq k$ and thus we can observe that
$T \cup \{x\} \in \rho_{\mathit{TS}_h}(\mathit{sh}_1^\sigma)$ but $T \cup \{x\} \notin \rho_{\mathit{TS}_h}(\mathit{sh}_2^\sigma)$. $\square$

4 The Meet-Irreducible Elements 

In Section 5, we will use the method of File and Ranzato (File and Ranzato 1996) to
decompose the dependency domains $\mathit{TSD}_k$. In preparation for this, in this section,
we identify the meet-irreducible elements for the domains and state some general
results.

We have already observed that $\mathit{TS}_k$ and $\mathit{TSD}_n = \mathit{SH}$ are dual-atomistic. However,
$\mathit{TSD}_k$, for $k < n$, is not dual-atomistic and we need to identify the meet-irreducible
elements. In fact, the set of dual-atoms for $\mathit{TSD}_k$ is

\[
\mathrm{dAtoms}(\mathit{TSD}_k) = \bigl\{ \mathit{SG} \setminus \{S\} \bigm| S \in \mathit{SG},\ \#S \leq k \bigr\}.
\]

Note that $\# \mathrm{dAtoms}(\mathit{TSD}_k) = \sum_{j=1}^{k} \binom{n}{j}$. Specializing this for $k = 1$ and $k = 2$,
respectively, we have

\[
\begin{aligned}
\mathrm{dAtoms}(\mathit{Def}) &= \bigl\{ \mathit{SG} \setminus \{\{x\}\} \bigm| x \in \mathit{VI} \bigr\}, \\
\mathrm{dAtoms}(\mathit{PSD}) &= \bigl\{ \mathit{SG} \setminus \{S\} \bigm| S \in \mathrm{pairs}(\mathit{VI}) \bigr\} \cup \mathrm{dAtoms}(\mathit{Def}),
\end{aligned}
\]

and we have $\# \mathrm{dAtoms}(\mathit{Def}) = n$ and $\# \mathrm{dAtoms}(\mathit{PSD}) = n(n+1)/2$. We present
as an example of this the dual-atoms for $\mathit{Def}$ and $\mathit{PSD}$ when $n = 3$.

Example 3 

Consider Example 1. Then the 3 dual-atoms for $\mathit{Def}$ are $s_1, s_2, s_3$ and the 6 dual-atoms
for $\mathit{PSD}$ are $s_1, \ldots, s_6$. Note that these are not all the meet-irreducible
elements, since sets that do not contain the sharing group $xyz$, such as $\{x\}$ and
$\bot = \rho_{\mathit{Def}}(\bot) = \emptyset$, cannot be obtained as the meet (which is set intersection) of a set
of dual-atoms. Thus, unlike $\mathit{Con}$ and $\mathit{PS}$, neither $\mathit{Def}$ nor $\mathit{PSD}$ is dual-atomistic.

Consider next the set $M_k$ of the meet-irreducible elements of $\mathit{TSD}_k$ that are
neither the top element $\mathit{SG}$ nor dual-atoms. $M_k$ has an element for each sharing
group $S \in \mathit{SG}$ such that $\#S > k$ and each tuple $T \subset S$ with $\#T = k$. Such
an element is obtained from $\mathit{SG}$ by removing all the sharing groups $U$ such that
$T \subseteq U \subseteq S$. Formally, for $1 \leq k < n$,

\[
M_k := \Bigl\{ \mathit{SG} \setminus \{ U \in \mathit{SG} \mid T \subseteq U \subseteq S \} \Bigm| T, S \in \mathit{SG},\ T \subset S,\ \#T = k \Bigr\}.
\]

Note that, as there are $\binom{n}{k}$ possible choices for $T$ and $2^{n-k} - 1$ possible choices for
$S$, we have $\# M_k = \binom{n}{k}(2^{n-k} - 1)$ and
$\# \mathrm{MI}(\mathit{TSD}_k) = \sum_{j=0}^{k} \binom{n}{j} + \binom{n}{k}(2^{n-k} - 1)$.

We now show that we have identified precisely all the meet-irreducible elements 
of TSDk. 

Theorem 5 

If $k \in \mathbb{N}$ with $1 \leq k \leq n$, then

\[
\mathrm{MI}(\mathit{TSD}_k) = \{\mathit{SG}\} \cup \mathrm{dAtoms}(\mathit{TSD}_k) \cup M_k.
\]

The proof of this theorem is included at the end of this section. Here, we illustrate 
the result for the case when n = 3. 

Example 4 

Consider again Example 3. First, consider the domain $\mathit{Def}$. The meet-irreducible
elements which are not dual-atoms, besides $\mathit{SG}$, are the following (see Figure 2):

\[
\begin{array}{ll}
q_1 = \{ y, z, xz, yz, xyz \} \subset s_1, & \\
q_2 = \{ y, z, xy, yz, xyz \} \subset s_1, & r_1 = \{ y, z, yz \} \subset q_1 \cap q_2, \\
q_3 = \{ x, z, xz, yz, xyz \} \subset s_2, & \\
q_4 = \{ x, z, xy, xz, xyz \} \subset s_2, & r_2 = \{ x, z, xz \} \subset q_3 \cap q_4, \\
q_5 = \{ x, y, xy, yz, xyz \} \subset s_3, & \\
q_6 = \{ x, y, xy, xz, xyz \} \subset s_3, & r_3 = \{ x, y, xy \} \subset q_5 \cap q_6.
\end{array}
\]

Next, consider the domain $\mathit{PSD}$. The only meet-irreducible elements that are not
dual-atoms, besides $\mathit{SG}$, are the following (see Figure 3):

\[
\begin{aligned}
m_1 &= \{ x, y, z, xz, yz \} \subset s_4, \\
m_2 &= \{ x, y, z, xy, yz \} \subset s_5, \\
m_3 &= \{ x, y, z, xy, xz \} \subset s_6.
\end{aligned}
\]

Each of these lacks a pair and none contains the sharing group $xyz$.
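As an added check, not part of the original paper, the following instance of Definition 7 for $k = 2$ and $n = 3$ (with $\mathit{VI} = \{x, y, z\}$, and $s_4 = \mathit{SG} \setminus \{xy\}$ inferred from $m_1 \subset s_4$) shows why $m_1$ belongs to $\mathit{PSD}$, why $\mathit{SG} \setminus \{xyz\}$ does not, and why $m_1$ is meet-irreducible:

\[
\begin{array}{l}
\rho_{\mathit{PSD}}(m_1) = m_1:\ \text{for } S = xy \text{ and } T = \{x\},\ \bigcup\{U \in m_1 \mid x \in U \subseteq xy\} = x \neq xy; \\
\qquad \text{for } S = xyz \text{ and } T = \{x\},\ \bigcup\{U \in m_1 \mid x \in U \subseteq xyz\} = x \cup xz = xz \neq xyz; \\
\qquad \text{so neither of the two missing groups is redundant, and } m_1 \in \mathit{PSD}. \\[6pt]
\rho_{\mathit{PSD}}(\mathit{SG} \setminus \{xyz\}) = \mathit{SG}:\ \text{for every } T \subseteq xyz \text{ with } \#T < 2,\ \text{i.e. } T \in \{\emptyset, \{x\}, \{y\}, \{z\}\}, \\
\qquad \bigcup\{U \in \mathit{SG} \setminus \{xyz\} \mid T \subseteq U \subseteq xyz\} = xyz, \text{ so } xyz \text{ is redundant and } \mathit{SG} \setminus \{xyz\} \notin \mathit{PSD}. \\[6pt]
\text{Meet-irreducibility of } m_1:\ \text{the only elements of } \mathit{PSD} \text{ strictly above } m_1 \text{ are } m_1 \cup \{xyz\} = s_4 \text{ and } \mathit{SG} \\
\qquad (\text{since } m_1 \cup \{xy\} = \mathit{SG} \setminus \{xyz\} \notin \mathit{PSD}), \text{ and } s_4 \cap \mathit{SG} = s_4 \neq m_1.
\end{array}
\]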

Looking at Examples 2 and 4, it can be seen that all the dual-atoms of the
domains $\mathit{Con}$ and $\mathit{PS}$ are meet-irreducible elements of the domains $\mathit{Def}$ and $\mathit{PSD}$,
respectively. Indeed, the following general result shows that the dual-atoms of the
domain $\mathit{TS}_k$ are meet-irreducible elements for the domain $\mathit{TSD}_k$.

Corollary 2

Let $k \in \mathbb{N}$ with $1 \leq k \leq n$. Then

\[
\mathrm{dAtoms}(\mathit{TS}_k) = \{ \mathit{sh} \in \mathrm{MI}(\mathit{TSD}_k) \mid \mathit{VI} \notin \mathit{sh} \}.
\]

For the decomposition, we need to identify which meet-irreducible elements of
$\mathit{TSD}_k$ are in $\mathit{TS}_j$. Using Corollaries 1 and 2 we have the following result.
Fig. 2. The meet-irreducible elements of Def for n = 3, with dual-atoms emphasized.

Corollary 3 

If $j, k \in \mathbb{N}$ with $1 \leq j < k \leq n$, then $\mathrm{MI}(\mathit{TSD}_k) \cap \mathit{TS}_j = \{\mathit{SG}\}$.

By combining Proposition 1 with Theorem 5 we can identify the meet-irreducible
elements of $\mathit{TSD}_k$ that are in $\mathit{TSD}_j$, where $j < k$.

Corollary 4

If $j, k \in \mathbb{N}$ with $1 \leq j < k \leq n$, then

\[
\mathrm{MI}(\mathit{TSD}_k) \cap \mathit{TSD}_j = \mathrm{dAtoms}(\mathit{TSD}_j).
\]

Fig. 3. The meet-irreducible elements of PSD for n = 3, with dual-atoms emphasized.

4.1 Proof of Theorem 5

Proof of Theorem 5.

We prove the two inclusions separately.

1. $\mathrm{MI}(\mathit{TSD}_k) \supseteq \{\mathit{SG}\} \cup \mathrm{dAtoms}(\mathit{TSD}_k) \cup M_k$.

Let $m$ be in the right-hand side. If $m \in \{\mathit{SG}\} \cup \mathrm{dAtoms}(\mathit{TSD}_k)$ there is
nothing to prove. Therefore we assume $m \in M_k$. We need to prove that if
$\mathit{sh}_1, \mathit{sh}_2 \in \mathit{TSD}_k$ and

\[
m = \mathit{sh}_1 \wedge \mathit{sh}_2 := \mathit{sh}_1 \cap \mathit{sh}_2
\]

then $m = \mathit{sh}_1$ or $m = \mathit{sh}_2$. Obviously, we have $m \subseteq \mathit{sh}_1$ and $m \subseteq \mathit{sh}_2$.
Moreover, by definition of $M_k$, there exist $T, S \in \mathit{SG}$ where $\#T = k$ and
$T \subset S$ such that

\[
m = \mathit{SG} \setminus \{ U \in \mathit{SG} \mid T \subseteq U \subseteq S \}.
\]

Since $S \notin m$, we have $S \notin \mathit{sh}_1$ or $S \notin \mathit{sh}_2$. Let us consider the first case (the
other is symmetric). Then, applying the definition of $\mathit{TSD}_k$, there is a $T' \subseteq S$
with $\#T' < k$ such that

\[
\bigcup\{ U' \in \mathit{sh}_1 \mid T' \subseteq U' \subseteq S \} \neq S.
\]

Since $\#T' < \#T$, there exists $x$ such that $x \in T \setminus T'$. Thus $T' \subseteq S \setminus \{x\}$ and
$S \setminus \{x\} \in m$. Hence, as $m \subseteq \mathit{sh}_1$, we have $S \setminus \{x\} \in \mathit{sh}_1$. Consider an arbitrary
$U \in \mathit{SG}$ where $T \subseteq U \subseteq S$. Then $x \in U$. Thus, since $S = (S \setminus \{x\}) \cup U$ and
$S \notin \mathit{sh}_1$, $U \notin \mathit{sh}_1$. Thus, as this is true for all such $U$, $\mathit{sh}_1 \subseteq m$.
2. $\mathrm{MI}(\mathit{TSD}_k) \subseteq \{\mathit{SG}\} \cup \mathrm{dAtoms}(\mathit{TSD}_k) \cup M_k$.

Let $\mathit{sh} \in \mathit{TSD}_k$. We need to show that $\mathit{sh}$ is the meet of elements in the right-hand
side. If $\mathit{sh} = \mathit{SG}$ then there is nothing to prove. Suppose $\mathit{sh} \neq \mathit{SG}$. For
each $S \in \mathit{SG}$ such that $S \notin \mathit{sh}$, we will show there is an element $m_S$ in the
right-hand side such that $S \notin m_S$ and $\mathit{sh} \subseteq m_S$. Then $\mathit{sh} = \bigcap\{ m_S \mid S \notin \mathit{sh} \}$.
There are two cases.

2a. $\#S \leq k$: Let $m_S = \mathit{SG} \setminus \{S\}$. Then $m_S \in \mathrm{dAtoms}(\mathit{TSD}_k)$ and $\mathit{sh} \subseteq m_S$.

2b. $\#S > k$: in this case, applying the definition of $\mathit{TSD}_k$, there must exist a
set $T' \subseteq S$ with $\#T' < k$ such that

\[
\bigcup\{ U' \in \mathit{sh} \mid T' \subseteq U' \subseteq S \} \subset S.
\]

However, since $T' \subset S$, we have $S = \bigcup\{ T' \cup \{x\} \mid x \in S \setminus T' \}$. Thus, for
some $x \in S \setminus T'$, if $U$ is such that $T' \cup \{x\} \subseteq U \subseteq S$ then $U \notin \mathit{sh}$. Choose
$T \in \mathit{SG}$ so that $T' \cup \{x\} \subseteq T \subseteq S$ and $\#T = k$ and let $m_S = \mathit{SG} \setminus \{ U \in \mathit{SG} \mid T \subseteq U \subseteq S \}$.
Then $m_S \in M_k$, $S \notin m_S$, and $\mathit{sh} \subseteq m_S$.



5 The Decomposition of the Domains 

5.1 Removing the Tuple-Sharing Domains 

We first consider the decomposition of $\mathit{TSD}_k$ with respect to $\mathit{TS}_j$. It follows from
Theorem 1 and Corollaries 1 and 3 that, for $1 \leq j < k \leq n$, we have

\[
\begin{aligned}
\mathit{TSD}_k \sim \mathit{TS}_j
&= \mathrm{Moore}\bigl(\mathrm{MI}(\mathit{TSD}_k) \setminus \rho_{\mathit{TS}_j}(\mathit{TSD}_k)\bigr) \\
&= \mathrm{Moore}\bigl(\mathrm{MI}(\mathit{TSD}_k) \setminus \mathit{TS}_j\bigr) \\
&= \mathit{TSD}_k. \qquad (3)
\end{aligned}
\]

Since $\mathit{SH} = \mathit{TSD}_n$, we have, using Eq. (3) and setting $k = n$, that, if $j < n$,

\[
\mathit{SH} \sim \mathit{TS}_j = \mathit{SH}. \qquad (4)
\]

Thus, in general, $\mathit{TS}_j$ is too abstract to be removed from $\mathit{SH}$ by means of complementation.
(Note that here it is required $j < n$, because we have $\mathit{SH} \sim \mathit{TS}_n \neq \mathit{SH}$.)
In particular, letting $j = 1, 2$ (assuming $n > 2$) in Eq. (4), we have

\[
\mathit{SH} \sim \mathit{PS} = \mathit{SH} \sim \mathit{Con} = \mathit{SH}, \qquad (5)
\]

showing that $\mathit{Con}$ and $\mathit{PS}$ are too abstract to be removed from $\mathit{SH}$ by means of
complementation. Also, by Eq. (3), letting $j = 1$ and $k = 2$ it follows that the
complement of $\mathit{Con}$ in $\mathit{PSD}$ is $\mathit{PSD}$.

Now consider decomposing $\mathit{TSD}_k$ using $\mathit{TS}_k$. It follows from Theorem 1, Proposition 2
and Corollary 2 that, for $1 \leq k \leq n$, we have

\[
\begin{aligned}
\mathit{TSD}_k \sim \mathit{TS}_k
&= \mathrm{Moore}\bigl(\mathrm{MI}(\mathit{TSD}_k) \setminus \rho_{\mathit{TS}_k}(\mathit{TSD}_k)\bigr) \\
&= \mathrm{Moore}\bigl(\mathrm{MI}(\mathit{TSD}_k) \setminus \mathit{TS}_k\bigr) \\
&= \{ \mathit{sh} \in \mathit{TSD}_k \mid \mathit{VI} \in \mathit{sh} \}. \qquad (6)
\end{aligned}
\]

Thus we have

\[
\mathit{TSD}_k \sim (\mathit{TSD}_k \sim \mathit{TS}_k) = \mathit{TS}_k. \qquad (7)
\]

We have therefore extracted all the domain $\mathit{TS}_k$ from $\mathit{TSD}_k$. So by letting $k = 1, 2$
in Eq. (6), we have found the complements of $\mathit{Con}$ in $\mathit{Def}$ and $\mathit{PS}$ in $\mathit{PSD}$:

\[
\begin{aligned}
\mathit{Def} \sim \mathit{Con} &= \{ \mathit{sh} \in \mathit{Def} \mid \mathit{VI} \in \mathit{sh} \}, \\
\mathit{PSD} \sim \mathit{PS} &= \{ \mathit{sh} \in \mathit{PSD} \mid \mathit{VI} \in \mathit{sh} \}.
\end{aligned}
\]

Thus if we denote the domains induced by these complements as $\mathit{Def}^{\oplus}$ and $\mathit{PSD}^{\oplus}$,
respectively, we have the following result.

Theorem 6 



\[
\begin{aligned}
\mathit{Def} \sim \mathit{Con} &= \mathit{Def}^{\oplus}, & \mathit{Def} \sim \mathit{Def}^{\oplus} &= \mathit{Con}, \\
\mathit{PSD} \sim \mathit{PS} &= \mathit{PSD}^{\oplus}, & \mathit{PSD} \sim \mathit{PSD}^{\oplus} &= \mathit{PS}.
\end{aligned}
\]

Moreover, $\mathit{Con}$ and $\mathit{Def}^{\oplus}$ form a minimal decomposition for $\mathit{Def}$ and, similarly, $\mathit{PS}$
and $\mathit{PSD}^{\oplus}$ form a minimal decomposition for $\mathit{PSD}$.
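As an added worked instance, not part of the original paper, of Eq. (6), Corollary 2 and Theorem 6 for $k = 1$ and $n = 3$, using the meet-irreducible elements $s_i$, $q_i$, $r_i$ of $\mathit{Def}$ listed in Example 4 (with $\mathit{VI} = xyz$, and taking the Moore closure to contain the empty meet $\mathit{SG}$; $\mathit{Def}^{\oplus}$ is the complement domain named in Theorem 6):

\[
\begin{aligned}
\{\mathit{sh} \in \mathrm{MI}(\mathit{Def}) \mid \mathit{VI} \notin \mathit{sh}\}
  &= \{r_1, r_2, r_3\} = \mathrm{dAtoms}(\mathit{Con}), \\
\mathrm{MI}(\mathit{Def}) \setminus \mathit{Con}
  &= \{s_1, s_2, s_3, q_1, \ldots, q_6\}
  \quad (\text{each of these contains } xyz), \\
\mathit{Def} \sim \mathit{Con}
  &= \mathrm{Moore}\bigl(\{s_1, s_2, s_3, q_1, \ldots, q_6\}\bigr)
   = \{\mathit{sh} \in \mathit{Def} \mid xyz \in \mathit{sh}\} = \mathit{Def}^{\oplus}, \\
\mathit{Def} \sim \mathit{Def}^{\oplus}
  &= \mathrm{Moore}\bigl(\{r_1, r_2, r_3\}\bigr)
   = \{\mathit{SG},\ r_1,\ r_2,\ r_3,\ r_1 \cap r_2,\ r_1 \cap r_3,\ r_2 \cap r_3,\ \emptyset\} = \mathit{Con},
\end{aligned}
\]

where, for instance, $r_1 = \{y, z, yz\}$ encodes "$x$ is ground" and $r_1 \cap r_2 = \{z\}$ encodes "$x$ and $y$ are ground", so the eight elements of $\mathrm{Moore}(\{r_1, r_2, r_3\})$ are exactly the $2^3$ possible sets of ground variables.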



5.2 Removing the Dependency Domains 

First we note that, by Theorem 5, Proposition 1, and Corollary 4, the complement
of $\mathit{TSD}_j$ in $\mathit{TSD}_k$, where $1 \leq j < k \leq n$, is given as follows:

\[
\begin{aligned}
\mathit{TSD}_k \sim \mathit{TSD}_j
&= \mathrm{Moore}\bigl(\mathrm{MI}(\mathit{TSD}_k) \setminus \rho_{\mathit{TSD}_j}(\mathit{TSD}_k)\bigr) \\
&= \mathrm{Moore}\bigl(\mathrm{MI}(\mathit{TSD}_k) \setminus \mathit{TSD}_j\bigr) \\
&= \{ \mathit{sh} \in \mathit{TSD}_k \mid \forall S \in \mathit{SG} : \#S \leq j \implies S \in \mathit{sh} \}. \qquad (8)
\end{aligned}
\]

It therefore follows from Eq. (8) and setting $k = n$ that the complement of $\mathit{TSD}_j$ in
$\mathit{SH}$ for $j < n$ is:

\[
\mathit{SH} \sim \mathit{TSD}_j
= \{ \mathit{sh} \in \mathit{SH} \mid \forall S \in \mathit{SG} : \#S \leq j \implies S \in \mathit{sh} \}
=: \mathit{SH}^{+}_{\mathit{TSD}_j}. \qquad (9)
\]

In particular, in Eq. (9) when $j = 1$, we have the following result for $\mathit{Def}$, also
proved in (File and Ranzato 1996, Lemma 5.4):

\[
\mathit{SH} \sim \mathit{Def} = \{ \mathit{sh} \in \mathit{SH} \mid \forall x \in \mathit{VI} : \{x\} \in \mathit{sh} \}.
\]

Also, in Eq. (9) when $j = 2$, we have the following result for $\mathit{PSD}$:

\[
\mathit{SH} \sim \mathit{PSD} = \{ \mathit{sh} \in \mathit{SH} \mid \forall S \in \mathit{SG} : \#S \leq 2 \implies S \in \mathit{sh} \}.
\]

Fig. 4. A non-trivial decomposition of PSD (the figure shows $\mathit{TSD}_2 = \mathit{PSD}$ split into $\mathit{Def}^{-}$, $\mathit{TS}_2 = \mathit{PS}$ and $\mathit{PSD}^{*}$).

We next construct the complement of $\mathit{PSD}$ with respect to $\mathit{Def}$. By Eq. (8),

\[
\mathit{PSD} \sim \mathit{Def} = \{ \mathit{sh} \in \mathit{PSD} \mid \forall x \in \mathit{VI} : \{x\} \in \mathit{sh} \} =: \mathit{PSD}^{+}.
\]

Then the complement factor $\mathit{Def}^{-} := \mathit{PSD} \sim \mathit{PSD}^{+}$ is exactly the same thing as
$\mathit{SH} \sim \mathit{SH}^{+}_{\mathit{Def}}$, so that $\mathit{PSD}$ and $\mathit{SH}$ behave similarly for $\mathit{Def}$.

5.3 Completing the Decomposition 

Just as for $\mathit{SH}$, the complement of $\mathit{SH}^{+}_{\mathit{Def}}$ using $\mathit{PS}$ (or, more generally, $\mathit{TS}_j$ where
$1 \leq j < n$) is $\mathit{SH}^{+}_{\mathit{Def}}$. By Corollary 2 and Theorem 1, as $\mathit{PS}$ is dual-atomistic, the
complement of $\mathit{PS}$ in $\mathit{PSD}^{+}$ is given as follows.

Theorem 7

\[
\begin{aligned}
\mathit{PSD}^{*} := \mathit{PSD}^{+} \sim \mathit{PS}
&= \{ \mathit{sh} \in \mathit{PSD} \mid \mathit{VI} \in \mathit{sh},\ \forall x \in \mathit{VI} : \{x\} \in \mathit{sh} \}, \\
\mathit{PSD}^{+} \sim \mathit{PSD}^{*} &= \mathit{PS}.
\end{aligned}
\]

So, we have extracted all the domain $\mathit{PS}$ from $\mathit{PSD}^{+}$ and we have the following
result (see Figure 4).

Corollary 5

$\mathit{Def}^{-}$, $\mathit{PS}$, and $\mathit{PSD}^{*}$ form a minimal decomposition for $\mathit{PSD}$.



6 Discussion 

By studying the sharing domain SH in a more general framework, we have been 
able to show that the domain PSD has a natural place in a scheme of domains based 
on SH. Since the well-known domain Def for groundness analysis is an instance of 
this scheme, we have been able to highlight the close relationship between Def and
PSD and the many properties they share. In particular, it was somehow unexpected
that these domains could both be obtained as instances of a single parametric
construction. As another contribution, we have generalized and strengthened the
results in (Cortesi et al. 1994, Cortesi et al. 1998) and (Bagnara et al. 1997, Bagnara
et al. 2001) stating that

• Def is the quotient of SH with respect to the groundness domain G = Con; and

• PSD is the quotient of SH with respect to the reduced product $\mathit{Con} \sqcap \mathit{PS}$ of
groundness and pair-sharing.

In view of recent results on abstract domain completeness (Giacobazzi and
Ranzato 1997), these points can be restated by saying that Def and PSD are the
least fully-complete extensions (lfce's) of Con and $\mathit{Con} \sqcap \mathit{PS}$ with respect to SH,
respectively.

From a theoretical point of view, the quotient of an abstract domain with respect
to a property of interest and the least fully-complete extension of this same property
with respect to the given abstract domain are not equivalent. While the lfce is
defined for any semantics given by means of continuous operators over complete
lattices, it is known (Cortesi et al. 1994, Cortesi et al. 1998) that the quotient may
not exist. However, it is also known (Giacobazzi, Ranzato and Scozzari 1998b) that
when the quotient exists it is exactly the same as the lfce, so that the latter has also
been called generalized quotient. In particular, for all the domains considered in this
paper, these two approaches to the completeness problem in abstract interpretation
are equivalent.

In (Bagnara et al. 1997, Bagnara et al. 2001), we wrote that $\mathit{PSD} \sim \mathit{PS} \neq \mathit{PSD}$.
This paper now clarifies that statement. We have provided a minimal decomposition
for $\mathit{PSD}$ whose components include $\mathit{Def}^{-}$ and $\mathit{PS}$. Moreover, we have shown that
$\mathit{Def}$ and $\mathit{PSD}$ are not dual-atomistic and we have completely specified their meet-irreducible
elements. Our starting point was the work of File and Ranzato. In (File
and Ranzato 1996), they noted, as we have, that $\mathit{SH}^{+}_{\mathit{Def}} \sim \mathit{PS} = \mathit{SH}^{+}_{\mathit{Def}}$ so that
nothing of the domain $\mathit{PS}$ could be extracted from $\mathit{SH}^{+}_{\mathit{Def}}$. They observed that $\rho_{\mathit{PS}}$
maps all dual-atoms that contain the sharing group $\mathit{VI}$ to the top element $\mathit{SG}$
and thus loses all pair-sharing information. To avoid this, they replaced the classical
pair-sharing domain $\mathit{PS}$ with the domain $\mathit{PS}'$ where, for all $\mathit{sh} \in \mathit{SH}^{+}_{\mathit{Def}}$,

\[
\rho_{\mathit{PS}'}(\mathit{sh}) = \rho_{\mathit{PS}}(\mathit{sh}) \setminus \bigl(\{\mathit{VI}\} \setminus \mathit{sh}\bigr),
\]

and noted that $\mathit{SH}^{+}_{\mathit{Def}} \sim \mathit{PS}' = \{ \mathit{sh} \in \mathit{SH}^{+}_{\mathit{Def}} \mid \mathit{VI} \in \mathit{sh} \}$. To understand the nature
of this new domain $\mathit{PS}'$, we first observe that

\[
\mathit{PS}' = \mathit{PS} \sqcap \mathit{TS}_n.
\]

This is because $\mathit{TS}_n = \rho_{\mathit{TS}_n}(\mathit{SH}) = \{ \mathit{SG} \setminus \{\mathit{VI}\}, \mathit{SG} \}$. In addition,

\[
\mathit{SH}^{+}_{\mathit{Def}} \sim \mathit{TS}_n = \{ \mathit{sh} \in \mathit{SH}^{+}_{\mathit{Def}} \mid \mathit{VI} \in \mathit{sh} \},
\]

which is precisely the same as $\mathit{SH}^{+}_{\mathit{Def}} \sim \mathit{PS}'$. Thus, since $\mathit{SH}^{+}_{\mathit{Def}} \sim \mathit{PS} = \mathit{SH}^{+}_{\mathit{Def}}$, it is
not surprising that it is precisely the added component $\mathit{TS}_n$ that is removed when
we compute the complement for $\mathit{SH}^{+}_{\mathit{Def}}$ with respect to $\mathit{PS}'$.
We would like to point out that, in our opinion, the problems outlined above
are not the consequence of the particular domains considered. Rather, they are 
mainly related to the methodology for decomposing a domain. As shown here, 
complementation alone is not sufficient to obtain truly minimal decompositions of 
domains. The reason being that complementation only depends on the domain's 
data (that is, the domain elements and the partial order relation modeling their 
intrinsic precision), while it is completely independent from the domain operators 
that manipulate that data. In particular, if the concrete domain contains elements 
that are redundant with respect to its operators (because the observable behavior 
of these elements is exactly the same in all possible program contexts) then any 
factorization of the domain obtained by complementation will encode this redun- 
dancy. However, the theoretical solution to this problem is well-known (Cortesi et 
al. 1994, Cortesi et al. 1998, Giacobazzi and Ranzato 1997, Giacobazzi et al. 1998b) 
and it is straightforward to improve the methodology so as to obtain truly minimal 
decompositions: first remove all redundancies from the domain (this can be done 
by computing the quotient of the domain with respect to the observable behavior) 
and only then decompose it by complementation. This is precisely what is done 
here. 

We conclude our discussion about complementation with a few remarks. It is 
our opinion that, from a theoretical point of view, complementation is an excellent 
concept to work with: by allowing the splitting of complex domains into simpler 
components, avoiding redundancies between them, it really enhances our under- 
standing of the domains themselves. 

However, as things stand at present, complementation has never been exploited 
from a practical point of view. This may be because it is easier to implement a sin- 
gle complex domain than to implement several simpler domains and integrate them 
together. Note that complementation requires the implementation of a full integra- 
tion between components (i.e., the reduced product together with its corresponding 
best approximations of the concrete semantic operators), otherwise precision would 
be lost and the theoretical results would not apply. 

Moreover, complementation appears to have little relevance when trying to design 
or evaluate better implementations of a known abstract domain. In particular, this 
reasoning applies to the use of complementation as a tool for obtaining space saving 
representations for domains. As a notable example, the GER representation for 
Pos (Bagnara and Schachte 1999) is a well-known domain decomposition that does 
enable significant memory and time savings with no precision loss. This is not (and 
could not be) based on complementation. Observe that the complement of $G$ with
respect to $\mathit{Pos}$ is $\mathit{Pos}$ itself. This is because of the isomorphisms $\mathit{Pos} \cong \mathit{SH}$ (Codish
and Søndergaard 1998) and $G \cong \mathit{Con} := \mathit{TS}_1$ so that, by Eq. (5), $\mathit{Pos} \sim G = \mathit{Pos}$.
It is not difficult to observe that the same phenomenon happens if one considers
the groundness equivalence component $E$, that is, $\mathit{Pos} \sim E = \mathit{Pos}$. Intuitively,
each element of the domain $E$ defines a partition of the variables of interest $\mathit{VI}$
into groundness equivalence classes. In fact, it can be shown that two variables
$x, y \in \mathit{VI}$ are ground-equivalent in the abstract element $\mathit{sh} \in \mathit{SH} \cong \mathit{Pos}$ if and
only if $\mathrm{rel}(\{x\}, \mathit{sh}) = \mathrm{rel}(\{y\}, \mathit{sh})$. In particular, this implies both $\{x\} \notin \mathit{sh}$ and
$\{y\} \notin \mathit{sh}$. Thus, it can be easily observed that in all the dual-atoms of $\mathit{Pos}$ no
variable is ground-equivalent to another variable (because each dual-atom lacks
just a single sharing group).

A new domain for pair-sharing analysis has been defined in (Scozzari 2000) as

\[
\mathit{Sh}^{\mathit{PSh}} = \mathit{PSD}^{+} \sqcap A,
\]

where the $A$ component is a strict abstraction of the well-known groundness domain
$\mathit{Pos}$. It can be seen from the definition that $\mathit{Sh}^{\mathit{PSh}}$ is a close relative of $\mathit{PSD}$.
This new domain is obtained, just as in the case for $\mathit{PSD}$, by a construction that
starts from the set-sharing domain $\mathit{SH} = \mathit{Sh}$ and aims at deriving the pair-sharing
information encoded by $\mathit{PS} = \mathit{PSh}$. However, instead of applying the generalized
quotient operator used to define $\mathit{PSD}$, the domain $\mathit{Sh}^{\mathit{PSh}}$ is obtained by applying a
new domain-theoretic operator that is based on the concept of optimal semantics
(Giacobazzi, Ranzato and Scozzari 1998a).

When comparing $\mathit{Sh}^{\mathit{PSh}}$ and $\mathit{PSD}$, the key point to note is that $\mathit{Sh}^{\mathit{PSh}}$ is neither
an abstraction nor a concretization of the starting domain $\mathit{SH}$. On the one hand
$\mathit{Sh}^{\mathit{PSh}}$ is strictly more precise for computing pair-sharing, since it contains formulas
of $\mathit{Pos}$ that are not in the domain $\mathit{SH}$. On the other hand $\mathit{SH}$ and $\mathit{PSD}$ are strictly
more precise for computing groundness, since $\mathit{Sh}^{\mathit{PSh}}$ does not contain all of $\mathit{Def}$: in
particular, it does not contain any of the elements in $\mathit{Con}$.

While these differences are correctly stated in (Scozzari 2000), the informal dis- 
cussion goes further. For instance, it is argued in (Scozzari 2000, Section 6.1) that 

"in [(Bagnara et al. 2001)] the domain PSD is compared to its proper abstractions only, 
which is a rather restrictive hypothesis ..." 

This hypothesis is not one that was made in (Bagnara et al. 2001) but is a distinctive
feature of the generalized quotient approach itself. Moreover, such an observation 
is not really appropriate because, when devising the PSD domain, the goal was to 
simplify the starting domain SH without losing precision on the observable PS. 
This is the objective of the generalized quotient operator and, in such a context, 
the "rather restrictive hypothesis" is not restrictive at all. 

The choice of the generalized quotient can also provide several advantages that 
have been fully exploited in (Bagnara et al. 2001). Since an implementation for SH 
was available, the application of this operator resulted in an executable specification 
of the simpler domain PSD. By just optimizing this executable specification it was 
possible to arrive at a much more efficient implementation: exponential time and
space savings have been achieved by removing the redundant sharing groups from 
the computed elements and by replacing the star-union operator with the 2-self- 
union operator. Moreover, the executable specification inherited all the correctness 
results readily available for that implementation of SH, so that the only new result 
that had to be proved was the correctness of the optimizations. 

These advantages do not hold for the domain $\mathit{Sh}^{\mathit{PSh}}$. In fact, the definition of a
feasible representation for its elements and, a fortiori, the definition of an executable
specification of the corresponding abstract operators seem to be open issues. Most
importantly, the required correctness results cannot be inherited from those of SH.
All the above reasons indicate that the generalized quotient was a sensible choice 
when looking for a domain simpler than SH while preserving precision on PS . 

Things are different if the goal is to improve the precision of a given analysis 
with respect to the observable, as was the case in (Scozzari 2000). In this context 
the generalized quotient would be the wrong choice, since by definition it cannot 
help, whereas the operator defined in (Scozzari 2000) could be useful. 

7 Conclusion 

We have addressed the problem of deriving a non-trivial decomposition for ab- 
stract domains tracking groundness and sharing information for logic languages by 
means of complementation. To this end, we have defined a general schema of do- 
mains approximating the set-sharing domain of Jacobs and Langen and we have
generalized and strengthened known completeness and minimality results. From a 
methodological point of view, our investigation has shown that, in order to obtain 
truly minimal decompositions of abstract interpretation domains, complementation 
should be applied to a reference domain already enjoying a minimality result with 
respect to the observable property. 